Deputy Chief Information Officer for Cybersecurity & InfoTech Risk Management (Chief Information Sec

Washington, D.C
Jul 14, 2019
Jul 16, 2019
Full Time


The Deputy Chief Information Officer for Cybersecurity and Information Technology Risk Management/Chief Information Security Officer (DCIO CITRM/CISO) within the Office of the Chief Information Officer at the U.S. Department of Commerce (DOC), manages and implements the Department-wide IT security program and the Department-wide critical infrastructure program and agency-wide governance of IT Security activities, challenges, and concerns as they arise.




The incumbent shares responsibility with the Chief Information Officer (CIO) in executing the Department-level CIO responsibilities including advising the Secretary of Commerce, in partnership with other senior managers, on the use of information technology to accomplish the Department's mission, and promoting innovative uses of technology to manage information resources so as to provide improved delivery of products and services of Commerce programs in an efficient manner.

The Deputy Chief Information Officer and IT Risk Management/Chief Information Security Officer fully participates with the CIO in executing the duties and responsibilities of the CIO, in leading the agency in a visionary, collaborative, and stakeholder-focused manner to leverage IT resources in order to improve the security of DOC's information systems. The incumbent directs the development and implementation of the Information Systems Security program for the Agency with a forward-thinking approach utilizing the latest in technology and best practices.

Exercising a thorough knowledge of Government-wide and Departmental policies and regulations related to information systems security, the incumbent proposes agency IT policies, standards, and procedures related to information systems security. Advises agency senior management on major ISS decisions. Advocates innovative uses of technology to facilitate access by Agency management to information resources and at the same time prevent unwarranted access. Participates with the Chief Information Officer (CIO) in facilitating the acquisition of information resources in a way that maximizes their value and manages their security risks. Provides input to the operation of DOC's information security capabilities. Oversees vendors and contracts to ensure appropriate use of agency funding.

On behalf of the CIO, the DCIO (CISO/CITRM) directs the programs and staff of the Office of Cybersecurity and IT Risk Management, and as a key advisor to the CIO, provides recommendations to the CIO concerning security implications of emerging technologies. The incumbent must apply technical knowledge of considerable scope and depth concerning information security, personally identifiable information (PII) protection, security architecture, computer incident response capability, and information technology supporting continuity of operations. The incumbent directs the following programs:

The Department of Commerce IT Security Program develops and oversees the implementation of a Department-wide IT risk management framework, IT security policies, directives, guidelines, and procedures that ensure the integrity and availability of the Department's IT systems and data. The program maintains a compliance review activity across the Department to ensure that these policies and other directives are being followed and to conduct or oversee testing to ensure that Commerce systems are adequately protected. The program reviews system security plans as well as system assessment and authorization (A&A) documents, maintains a current list of all corrective actions being taken across the Department to improve IT security, and prepares reports for OMB and others on the status of Commerce IT security.

The National Security Program ensures the integration and operation of Commerce's classified infrastructure and provides Secret and Top Secret/Sensitive Compartmented Information connectivity among various bureaus and offices within the Department of Commerce. The program develops, tests, certifies, and deploys technologies, procedures and policies to protect Commerce's critical national and homeland security missions, performs assessment of classified systems, investigates classified information spillages, and supports incident remediation.

The Critical Infrastructure Protection Program ensures the protection of the Department's IT infrastructure so that adequate continuity of operations is planned for and implemented, especially for the infrastructure that is most critical to the Department's mission and to the Nation. The program develops policies, guidelines and implements procedures associated with requirements from various directives relating to Federal critical infrastructure protection. The program provides knowledgeable advice and assistance to Commerce officials relative to planning and implementing appropriate measures to ensure continuity of operations.

The Enterprise Security Program (ESP) focuses on effectively and efficiently implementing Commerce-wide IT security initiatives. The ESP supports analysis, planning, design, implementation, documentation, assessment and overall management of the DOC-wide IT security enterprise architecture improvement projects. The program also oversees a DOC Federation of Computer Incident Response Teams to report and respond to attacks on Commerce IT systems, and to help improve the Department's defense against such attacks.

Travel Required

Not required

Supervisory status

Promotion Potential


Conditions of Employment

  • Background and/or Security Investigation required.
  • Subject to pre-employment and employment random drug testing.
  • Public Financial Disclosure (SF-278 filing within 30 days is required).
  • Relocation expenses will not be paid. Recruitment incentives are not offered.
  • Incumbent may be subject to geographic mobility.
  • Position may require some travel.

Applicants are required to submit a narrative statement for each Professional/Technical Qualification (PTQ) and each Executive Core Qualification (ECQ) listed. If you are currently serving under a career Senior Executive Service (SES) appointment, are eligible for reinstatement into SES, or have successfully completed a SES Candidate Development Program (CDP) approved by the Office of Personnel Management (OPM) and had your ECQs certified by OPM, then you only need to address each PTQ, and you do not need to submit an ECQ narrative. All other applicants are required to respond to all ECQs and PTQs, addressing each ECQ and PTQ separately. Please give a complete and detailed answer for each qualification. Please keep in mind each ECQ and PTQ are unique qualifications. Therefore, duplicate responses are not sufficient in determining if you meet that specific qualification. Do not enter "Refer to Resume" to explain your answer. Applications directing the reader to search within the application or to "See Resume" are considered incomplete and WILL NOT BE CONSIDERED. Failure to submit a narrative statement or address any of the ECQs and/or PTQs is also considered incomplete and WILL NOT BE CONSIDERED. As a result, you will be rated as "INCOMPLETE".


To meet the minimum qualification requirements for this position, you must show that you possess all of the mandatory Executive Core Qualifications and Professional/Technical Qualifications listed below. These qualifications would typically be acquired through education, senior level experience, and training which reflect progressive development and achievement in leading and managing a comprehensive program in a complex organization. An individual's total experience must demonstrate the ability to perform the duties of the position. Applicants must meet all of the qualification requirements by the closing date of this announcement.

The following are the five ECQs and their fundamental competencies which are the primary selection criteria for SES positions. The ECQs were developed to assess executive experience and potential, not to evaluate technical experience. ECQs measure whether an individual has the broad experience needed to succeed in a variety of SES positions.


ECQ 1 - LEADING CHANGE: This core qualification involves the ability to bring about strategic change, both within and outside the organization, to meet organizational goals. Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment.

(Competencies: creativity and innovation, external awareness, flexibility, resilience, strategic thinking, vision)

ECQ 2 - LEADING PEOPLE: This core qualification involves the ability to lead people toward meeting the organization's vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts.

(Competencies: conflict management, leveraging diversity, developing others, team building)

ECQ 3 - RESULTS DRIVEN: This core qualification involves the ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks.

(Competencies: accountability, customer service, decisiveness, entrepreneurship, problem solving, technical credibility)

ECQ 4 - BUSINESS ACUMEN: This core qualification involves the ability to manage human, financial, and information resources strategically.

(Competencies: financial management, human capital management, technology management)

ECQ 5 - BUILDING COALITIONS: This core qualification involves the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals.

(Competencies: partnering, political savvy, influencing/negotiating)


PTQ 1 - Demonstrated knowledge of and experience in formulating, implementing, and managing an effective risk management framework, including development and implementation of policy and guidance on a range of security issues for a large enterprise-level information assurance or cyber security program.

PTQ 2 - Demonstrated experience as an articulate and persuasive leader who can serve as an effective member of the leadership management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff.

PTQ 3 - Demonstrated knowledge of state-of-the-art information security systems domains (such as encryption, Internet Protocol version 6 [IPv6], wireless security, two-factor authentication), including familiarity with critical infrastructure protection and safeguarding of national security systems, in order to evaluate and render sound judgements on a range of information technology (IT) strategy, architecture, infrastructure, and emerging technology decisions, and to ensure alignment of such decisions with security programs, initiatives, and improvements.


This position does not have an educational requirement.

Additional information

Background Investigation: This position is designated as critical-sensitive and requires that a background investigation be conducted and favorably adjudicated in order to establish security eligibility.
Financial Disclosure: This position is covered under the Ethics in Government Act, which requires comprehensive financial disclosures from employees. The appointee will be required to file a Public Financial Disclosure Report (SF-278), within 30 days after his/her appointment, and then annually thereafter.
Qualifications Approval and Probationary Period: Persons newly selected for career appointment to the Senior Executive Service must have their executive core qualifications approved by an Office of Personnel Management Qualifications Review Board and will be required to serve a one-year probationary period.
Mobility: Individuals selected for Senior Executive Service positions may be subject to reassignment across geographical, organizational, and functional lines.
Drug Testing: Applicants tentatively selected for employment in any position are subject to designated and/or random pre-employment and employment urinalysis. Applicants who refuse to be tested will be denied employment and/or removed from employment with the Department of Commerce.
The materials you send with your application will not be returned.
Veterans' preference is not applicable to positions in the Senior Executive Service.
You will be required to enter your full social security number (SSN) only to initially access and create an account at the OPM USAJOBS website; however, only the last four digits will appear in your resume. Please DO NOT put your SSN on pages within your application package. Privacy Act - Privacy Act Notice (PL 93-579): The information requested here is used to determine qualifications for employment and is authorized under Title 5 U.S.C. 3302 and 3361.
Signature - Before you are hired, you will be required to sign and certify the accuracy of the information in your application.
False Statements - If you make a false statement in any part of your application, you may not be hired, you may be fired after you begin work, or you may be subject to fine, imprisonment, or other disciplinary action.
Selective Service - If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service System or are exempt from having to do so under the Selective Service Law.
The United States Government does not discriminate in employment on the basis of race, color, religion, sex, national origin, political affiliation, sexual orientation, marital status, disability, age, membership in an employee organization, or other non-merit factor.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

All qualified applicants will be evaluated by an Executive Resources Board (ERB) rating panel of senior managers to determine the degree to which they possess the executive core and professional/technical qualifications, and best qualified candidates may undergo an interview and a reference check. The ERB rating panel will make recommendations on best qualified candidates to the appointing authority. Applicants will be evaluated on the quality and extent of their total accomplishments, experience, the ECQs, and the PTQs.


Background checks and security clearance

Security clearance
Sensitive Compartmented Information

Drug test required

Required Documents

In addition to your online application, the following documents must be submitted and received by 11:59 p.m. Eastern Standard Time (EST) on the closing date of this announcement:

1. Resume (uploaded as attachment or USAJOBS resume created with USAJOBS Resume Builder)

2. For current Senior Executives or individuals with SES reinstatement eligibility: You are encouraged to submit your most recent SF-50 (Notification of Personnel Action) that documents your career appointment status in the SES.

3. For current Federal employees: You are encouraged to submit your most recent SF-50 (Notification of Personnel Action) that documents your current tenure, position title, series and grade level.

4. For SES Candidate Development Program (SESCDP) Graduates: You must submit your SESCDP OPM-Certification documentation.

Applicants who fail to submit requested documents WILL NOT receive consideration for this position. Application will result in an "Incomplete" rating.

If you are unable to upload documents, you may fax your documents using the instructions below. Please fax with the appropriate cover sheet. Please refer to the fax cover sheet for the fax number. Each document must be dialed and faxed in separately as each sheet includes an identification number, which ensures your document is processed correctly.

You may be directed to FAX specific documentation to verify information about your civil service status, your education, and/or other information. Please fax with the appropriate cover sheet. Please refer to the fax cover sheet for the fax number. Each document must be dialed and faxed in separately as each sheet includes an identification number, which ensures your document is processed correctly.


Please fax legible documents using the appropriate coversheet. Documents may be faxed at any time during the open period of this announcement by going to http:/

1. Log into MYUSAJOBS

2. Click on "Applications"

3. Locate the vacancy you applied to

4. Under "Applicant Status" column, click on "More Information"

5. Select "View/Generate Fax Cover Sheet" and click "Continue"

Do not submit any additional information that is not required: Extraneous materials such as award certificates will not be considered.

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
